I would like to restrict access by group, as defined in LDAP. The
obvious solution is to add a filter to the login LDAP search that
restricts to gidNumber=10038 or 10001, since those are the groups I
need. From what I'm seeing, I need to add that to /etc/ldap.conf in the
nss_base_ section, but how to do it isn't clear.

Do I just enter it as a standard LDAP filter? In this case, I think I'd
want (|(gidNumber=10038)(gidNumber=10001)), but it's really not clear
the syntax really isn't clear from the file. Would it just be

nss_base_passwd (|(gidNumber=10038)(gidNumber=10001))?one

That's what it looks like, anyway... if anyone can give me an answer,
or at least point me towards a good source of documentation on this, I'd
appreciate it.

iEYEARECAAYFAkvyttoACgkQWFYfIucpZ2ObvgCfSM9nizx9FgEwHJ+RDAGG6v/Q
C8EAn3C4d7rznRFcdLT/T/qL74lpPAY8
=uSMj
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba